There are now 8 Actions to secure a Windows 10 PC from malware, up from 6. These 8 Actions will make a Windows 10 PC almost unhackable.

1. Browser (Isolation) Sandbox.A browser sandbox, properly configured, prevents malware from downloading from your browser to your PC. The best option for home users, by far, is paidSandboxie. Sandboxie needs to patch about one vulnerability per year, compared to hundreds of vulnerabilities per year for Firefox, Chrome, IE11, and Microsoft Edge browsers. Configure Sandboxie to force Chrome and IE11 to run inside of Sandboxie. $75 for 5 lifetime Sandboxie licenses

5. Operating System Hardening (free).Microsoft Windows has a lot of native programs, settings, and functions that the average home user does not use nor need, and that make Windows (more) insecure. I turn most of these off or disable them. Hardening is a key way to improve email security if you use Microsoft Outlook. Key hardening items:

Accounts: Work from a Standard User account. Use an Administrator account only for software installations and updates. Set User Account Control to "Always Notify"

App Installation Setting: Only install apps from the Windows Store (after all program installation is finished)

However, these eight actions, in combination, make it almost impossible for your PC to be hacked or to be infected.

I’ll cover home network (firewall and router) and Internet of Things (IOT) security in a future post.

Jeff

PS: Don't buy Lenovo or other Chinese company PCs. Buy Dell (preferred) or HP, for which the Chinese government is less likely to be able to install malware at the factory. In case you've not figured this out, the Chinese are not our friends. They are our enemies